Business Information Security Officer - City of London

IT/Information/Cyber Security
Ref: 177 Date Posted: Wednesday 10 Jul 2024
Title:                    Business Information Security Officer
Reference No:    2143
Company:           Financial Services
Location:             Can be based in UK, Ireland, Belgium, Luxembourg or Isle of Man
Reports to           Group CISO
Salary:                  £90,000 or similar
The Role
The Business Information Security Officer is a key role in ensuring appropriate security posture of the Group. You will join a growing information security team and take accountability for managing information security for local business units.  The Group operates across 10+ offices and data centre locations globally and is actively expanding into new territories.
  • Manage security governance, risk and compliance of business units (and their branches) in Belgium, Luxembourg, Ireland, Isle of Man, Bermuda, the UK, Singapore, Italy and Spain.
  • Participate in relevant Risk & Compliance Committees and service review forums.
  • Collaborate with business stakeholders by engaging with various business units, security teams, and other stakeholders to understand their requirements, identify areas for improvement, and gather relevant information to support security initiatives.
  • Conduct risk control self-assessments. Conduct comprehensive analysis of business needs, security policies, and regulatory requirements to develop a deep understanding of security objectives. Translate these objectives into actionable requirements and recommendations. Implement the requirements in local business units.
  • Develop and maintain relevant documentation (inc. policies, processes, standards, procedures). Maintain accurate and up-to-date records to ensure accuracy of reporting.
  • Work closely with the business, IT and security team to develop effective security solutions aligned with business objectives. Evaluate existing processes, systems, and technologies to identify potential gaps, risks, and opportunities for improvement.
  • Coordinate and participate in management of security projects, ensuring timely delivery, effective resource allocation, and adherence to project timelines and budgets. Collaborate with cross-functional teams to ensure smooth implementation of security initiatives.
  • Produce accurate reporting and status updates for key stakeholders including the Executive & Board Committees.
  • Communicate complex security concepts and requirements in a clear and concise manner to both technical and non-technical stakeholders
  • Provide security consultancy to business initiatives. Support business programmes and projects.
  • Contribute to the security vision, strategy and tactical plans for Information Security in the company
  • Present current security risks and threats at technical and managerial levels.
  • Participate in Information Security Incident Response activities.
  • Monitor compliance with the organization's information security policies and procedures among employees, contractors and third parties.
  • Liaison with key stakeholders to create and enforce policy including business departments, IT, Legal, Internal Audit, and Compliance.
  • Lead the effort to ensure security compliance in accordance with regulatory requirements.
Role Requirements
  • Minimum of 3 years’ experience in similar role (GRC), 5 years’ experience in Information Security
  • Strong experience in defining and implementing security risk control management frameworks – i.e. CIS/SANS20, NIST CSF, ISO27001/27002, COBIT
  • Strong experience in system and network security
  • Strong experience dealing with Internal Audit and Risk Management functions
  • Experience in 2nd Line of Defence (Risk) – a plus
  • Experience in Security Operations – a plus
  • Ability to develop and implement strategies to ensure compliance with industry and data protection regulations (such as BMA, MAS, EU regulations, DORA, GDPR).
  • Knowledge and experience using security and Enterprise Risk Management tools.
  • Demonstratable experience working within hybrid (on-site and cloud based) environment
  • Ability to work independently and think proactively
  • Ability to deliver results through influencing others
  • Ability to effectively communicate with C-level executives and business managers
  • Good interpersonal, written and verbal communication and engagement skills with experience engaging own team, all levels of employees and external partners
  • Must have project management and organisational skills required to manage multiple priorities in a fast-paced environment.
  • Must have high attention to detail; be a self-starter and able to prioritize in a fast moving, high pressure, constantly changing environment; high sense of urgency
  • Be energetic, passionate with a positive attitude
  • Relevant security certifications (CISSP, CISM, GCIA, CRISC, CGEIT, CCISO, etc.)
  • Excellent English language skills
  • French language skills – a plus
  • Dutch/Flemish language skills – a plus